Notes for Apache for Debian -------------------------- * The logfiles are created by /etc/logrotate.d/apache with default owner root.adm, permissions 640. If this breaks your favourite web-analysing program, you may change it. Security above convenience. Johnie actually made this change, but I agree with it. -- Matthew Wilcox , Sun, 20 Jan 2002 23:27:16 -0700 * The default webpages are owned by root.root by default (*not* www-data.www-data), so hackers will have a harder time defacing the site. -- Johnie Ingram , Thu, 10 Aug 2000 09:47:11 -0700 * This apache does not pass the HTTP_AUTHORIZATION CGI header (i.e. -DSECURITY_HOLE_PASS_AUTHORIZATION was not defined), but if you really need it this can be simulated with mod_rewrite: RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*)$ [NC] RewriteRule /.* - [E=HTTP_AUTHORIZATION:%1] [Thanks to Miquel van Smoorenburg for this tip.] -- Johnie Ingram , Fri, 20 Aug 1999 23:57:39 -0500 * This apache uses a modified regex ABI: the problem is... posix says regoff_t == int apache says it's an off_t but off_t... off_t BAD! off_t == changes size with LFS on thus, bewm -- Johnie Ingram , Wed, 6 Dec 2000 15:18:14 -0800